WGU D430 Scenario Based Exam Question with Correct and Verified Answers

WGU D430 Scenario Based Exam Question with Correct and Verified Answers "An organization wants to prevent unauthorized access to its internal network from external sources. What security measure should be implemented? - Correct Answer Network Segmentation" "A company aims to detect and respond to potential security incidents on its network. What technology is specifically designed for this purpose? - Correct Answer Intrusion Detection System (IDS)" An organization wants to ensure that only authorized personnel can access sensitive data stored in a database. What security measure should be implemented for protecting data at rest? - Correct Answer Access controls" "A company wishes to secure communication between its two branch offices over the internet. What technology should be employed for protecting data in motion? - Correct Answer Virtual Private Network (VPN)" "A web application needs to identify and prevent SQL injection attacks. What security measure is most appropriate for protecting data in use? - Correct Answer Application-level encryption" "An attacker intercepts and alters the communication between a user and a website, injecting malicious scripts. What type of attack is this? - Correct Answer Cross-Site Scripting (XSS)" "A hacker gains access to a network by exploiting a vulnerability in the wireless security protocols. What type of attack is this? - Correct Answer Man-in-the-Middle (MitM)" "An attacker gains access to a user's account by systematically trying all possible password combinations. What type of attack is this? - Correct Answer Brute Force" "A malicious actor gains unauthorized access to a server and deletes critical files, causing data loss. What type of attack is this? - Correct Answer Deletion" "An attacker gains access to a database and alters records to manipulate financial transactions. What type of attack is this? - Correct Answer Modification" "A hacker gains access to sensitive information by pretending to be a trusted employee. What type of attack is this? - Correct Answer Spoofing" "An attacker gains access to a network by exploiting a vulnerability in a software application's code. What type of attack is this? - Correct Answer Injection" "A hacker gains access to sensitive emails between two employees, extracting confidential information. What type of attack is this? - Correct Answer Eavesdropping" "An attacker sends a fraudulent email to an employee, tricking them into revealing sensitive login credentials. What type of attack is this? - Correct Answer Phishing" "A hacker gains access to a system by manipulating user input to execute unintended commands. What type of attack is this? - Correct Answer Injection" "A malicious actor floods a network with traffic from multiple sources, overwhelming its capacity. What type of attack is this? - Correct Answer DDoS" "An attacker gains access to a system by impersonating a delivery person and following an employee through a secured entrance. What type of attack is this? - Correct Answer Tailgating" "A hacker gains unauthorized access to a system and alters critical system files, causing system malfunctions. What type of attack is this? - Correct Answer Modification" "An attacker gains access to a system by exploiting a vulnerability in the application's code, allowing them to execute arbitrary commands. What type of attack is this? - Correct Answer Buffer Overflow" "A security analyst is conducting a vulnerability assessment on a network. What tool is commonly used to identify open ports on a system? - Correct Answer Nmap" "A company wants to ensure that employees' login credentials are securely transmitted over the internet. What technology should be used for this purpose? - Correct Answer SSL/TLS encryption" "An organization uses a security tool that captures and analyzes network traffic in real-time. What type of tool is being described? - Correct Answer Packet Sniffer" "A system administrator is implementing measures to prevent brute force attacks on user accounts. What security measure is most effective for this purpose? - Correct Answer Account Lockouts" "A company wants to allow employees to securely access internal resources from remote locations. What technology provides a secure method for this? - Correct Answer Virtual Private Network (VPN)" "An organization wishes to monitor and control the websites that employees can access. What technology is commonly used for this purpose? - Correct Answer Proxy Servers" "A security professional is conducting a penetration test on a web application to identify vulnerabilities. What tool is commonly used for this purpose? - Correct Answer Burp Suite" "An organization aims to protect sensitive data by replacing it with a random value. What technique is being described? - Correct Answer Tokenization" "A company is concerned about protecting data integrity during transmission. What technology should be used for this purpose? - Correct Answer Hash Functions" "An organization wants to monitor and log all incoming and outgoing network traffic for security analysis. What technology is suitable for this purpose? - Correct Answer NIDS" "A system administrator is configuring rules on a firewall to block specific types of incoming traffic based on protocol and port numbers. What feature is being implemented? - Correct Answer Packet Filtering" "A company wishes to protect against unauthorized access to its network by using a security measure that acts as a decoy system. What technology is being described? - Correct Answer Honeypots" "An organization is concerned about protecting sensitive data from unauthorized access and wants to use a secure key exchange mechanism. What technology should be implemented? - Correct Answer Mutual Authentication" "A company wants to ensure the secure and private exchange of sensitive data between its servers and a partner's servers over the internet. What technology should be used? - Correct Answer IPsec" "An organization needs to monitor and log all user activities within its network for auditing purposes. What technology is most suitable for this? - Correct Answer Auditing" "A company wants to protect its internal network by creating a buffer zone between the internal network and external networks. What security measure is commonly used for this purpose? - Correct Answer Network Segmentation" "An organization wants to encrypt communication between its email server and the email clients used by employees. What technology should be implemented for this purpose? - Correct Answer SSL/TLS encryption" "A security analyst wants to identify vulnerabilities in a network's configuration and software. What tool is commonly used for this purpose? - Correct Answer Nmap" "An organization wants to ensure that only authorized personnel can access its server room physically. What security measure should be implemented? - Correct Answer Biometric Authentication" "A company wants to monitor and analyze network traffic in real-time to detect and prevent suspicious activities. What technology is suitable for this purpose? - Correct Answer NIDS" "An organization aims to protect sensitive information stored in a database by ensuring that data is always in a consistent state. What technology should be implemented? - Correct Answer Hash Functions" "A company wants to protect its web application from unauthorized access and tampering by users. What security measure should be implemented? - Correct Answer Access Controls" "An organization is concerned about protecting data from being intercepted during communication between two servers. What technology should be used for this purpose? - Correct Answer Symmetric Encryption" "A company wants to allow employees to work remotely while ensuring that data on their laptops is protected. What security measure should be implemented? - Correct Answer VPN" "An organization is concerned about protecting against a variety of security threats, including malware and unauthorized access. What security measure should be implemented? - Correct Answer Defense-in-Depth" "A security analyst is conducting a penetration test on a web application and wants to identify vulnerabilities related to input validation. What tool is commonly used for this purpose? - Correct Answer Burp Suite" "An organization needs to ensure that sensitive data is securely transmitted over the internet. What technology should be used for this purpose? - Correct Answer SSL/TLS encryption" "A company wants to detect and prevent unauthorized access to its internal network in real-time. What technology is suitable for this purpose? - Correct Answer IPS" "An organization wants to ensure that data transmitted between two servers is not altered during communication. What technology should be implemented? - Correct Answer Digital Signature" "A security administrator is configuring rules on a firewall to allow or block traffic based on the source and destination IP addresses. What feature is being implemented? - Correct Answer Packet Filtering" "A company wants to monitor and log all activities within its network to comply with regulatory requirements. What technology is most suitable for this purpose? - Correct Answer Auditing" "A system administrator is concerned about protecting against unauthorized access to a network and wants to use a technology that acts as a barrier between the internal network and external networks. What technology is being described? - Correct Answer DMZ" "An organization is concerned about protecting sensitive information stored in databases and wants to ensure that only authorized individuals can access it. What security measure should be implemented? - Correct Answer Access Controls" "A company wants to monitor and analyze network traffic to detect and prevent suspicious activities. What technology is suitable for this purpose? - Correct Answer Intrusion Detection System (IDS)" "A security analyst is conducting a vulnerability assessment on a network and wants to identify potential security flaws in the network's infrastructure. What tool is commonly used for this purpose? - Correct Answer Nessus" "An organization wants to prevent unauthorized access to its server room. What physical security measure should be implemented? - Correct Answer Biometric Authentication" "A company is concerned about unauthorized individuals gaining access to its premises by following an employee through a secure entrance. What security threat is this known as? - Correct Answer Tailgating" "An organization wants to protect its network from external threats by creating a barrier between its internal network and the internet. What technology should be implemented for this purpose? - Correct Answer Firewall" "A security administrator is configuring rules on a firewall to allow or block traffic based on the application or service. What feature is being implemented? - Correct Answer Deep Packet Inspection" "A company is concerned about protecting sensitive data from eavesdropping during communication between two offices. What technology should be used for this purpose? - Correct Answer Virtual Private Network (VPN)" "A security analyst wants to monitor and analyze network traffic to detect and prevent suspicious activities in real-time. What technology is suitable for this purpose? - Correct Answer Intrusion Detection System (IDS)" "An organization wants to protect its internal network from malicious software and unauthorized access. What technology should be implemented at the network perimeter? - Correct Answer Firewall" "A company wants to ensure that only authorized devices can connect to its wireless network. What security measure should be implemented? - Correct Answer Access Controls" "An organization wants to create a secure zone within its network to host critical servers. What technology should be used to establish this secure zone? - Correct Answer Network Segmentation" "A security professional is concerned about protecting against unauthorized access to a network and wants to implement a technology that acts as a decoy system. What technology is being described? - Correct Answer Honeypots" "A company wants to monitor and log all activities within its network, including user logins and file access. What technology is most suitable for this purpose? - Correct Answer Auditing" "A security administrator is configuring rules on a firewall to block specific types of traffic based on the source and destination IP addresses. What feature is being implemented? - Correct Answer Packet Filtering" "An organization wants to protect its network from Distributed Denial of Service (DDoS) attacks. What technology should be implemented for this purpose? - Correct Answer DDoS Mitigation Service" "A company wants to ensure that data transmitted between two servers is encrypted to prevent eavesdropping. What technology should be implemented for this purpose? - Correct Answer SSL/TLS encryption" "An organization wants to protect its wireless network from unauthorized access and eavesdropping. What security measure should be implemented? - Correct Answer WPA3 Encryption" "A security analyst is conducting a security assessment and wants to identify vulnerabilities in a network's configuration. What tool is commonly used for this purpose? - Correct Answer Nessus" "An organization wants to ensure that sensitive data transmitted over its network is not altered during communication. What technology should be implemented for this purpose? - Correct Answer Digital Signature" "A company wants to protect its network from unauthorized access by implementing a security measure that acts as a barrier between the internal network and external networks. What technology is being described? - Correct Answer DMZ" "A security administrator is configuring rules on a firewall to block specific types of traffic based on the application layer information. What feature is being implemented? - Correct Answer Deep Packet Inspection" "An organization wants to protect its network from external threats and monitor and control internet usage. What technology should be implemented for this purpose? - Correct Answer Proxy Servers" "An organization wants to ensure that employees only have access to the information necessary for their roles. What principle should be implemented to achieve this? - Correct Answer Least Privilege" "A company is implementing a policy to define the acceptable use of organizational resources and information systems. What is this policy called? - Correct Answer Acceptable Use Policy" "An organization is implementing a policy to ensure that employees do not share their login credentials. What is this policy called? - Correct Answer Password Policy" "A company is implementing a practice to regularly review and update user access permissions. What is this practice called? - Correct Answer Access Review" "An organization wants to ensure that employees only have access to specific areas of a building based on their job responsibilities. What practice should be implemented? - Correct Answer Role-Based Access Control (RBAC)" "A security administrator is implementing a method to verify the identity of individuals accessing a system by using a combination of username and a one-time code sent to their mobile device. What method is being implemented? - Correct Answer Multi-Factor Authentication (MFA)" "An organization wants to ensure that employees can access multiple systems with a single set of credentials. What method should be implemented? - Correct Answer Single Sign-On (SSO)" "A company wants to implement a method where access permissions are automatically granted or revoked based on predefined rules and policies. What method is being described? - Correct Answer Attribute-Based Access Control (ABAC)" "An organization is implementing a policy to ensure that employees are only granted access to specific systems necessary for their job roles. What is this policy called? - Correct Answer Least Privilege Policy" "A security administrator is implementing a method to identify individuals based on their physical characteristics, such as fingerprints or retina scans. What method is being implemented? - Correct Answer Biometric Authentication" "A company is implementing a practice to regularly rotate and update user passwords to enhance security. What is this practice called? - Correct Answer Password Policy" "An organization is implementing a method where access permissions are assigned based on specific job responsibilities. What method is being described? - Correct Answer Role-Based Access Control (RBAC)" "A security administrator is implementing a practice to regularly review and update user roles and permissions. What is this practice called? - Correct Answer Access Review" "An organization is implementing a method where individuals are granted access based on their need for specific information to perform their job functions. What method is being described? - Correct Answer Need-to-Know" "A company is implementing a policy to ensure that employees with privileged access undergo thorough background checks. What is this policy called? - Correct Answer Background Check Policy" "An organization is implementing a method where access permissions are based on the specific tasks an individual performs within a job role. What method is being described? - Correct Answer Separation of Duties" "A security administrator is implementing a practice to regularly audit and monitor user activities to detect and prevent unauthorized access. What is this practice called? - Correct Answer Auditing" "An organization wants to ensure that individuals with access to sensitive information have undergone specific training on handling and protecting that information. What is this policy called? - Correct Answer Training and Awareness Policy" "A company is implementing a practice where individuals with administrative privileges have a separate set of credentials for administrative tasks. What is this practice called? - Correct Answer Dual Control" "An organization is implementing a method where individuals are granted access based on their job roles and specific attributes, such as location and time of day. What method is being described? - Correct Answer Attribute-Based Access Control (ABAC)" "An organization is implementing a new system and wants to ensure that only authorized users can access it. What security requirement should be considered? - Correct Answer Authentication" "A company is concerned about protecting sensitive information during communication between two offices. What security requirement should be considered? - Correct Answer Encryption" "An organization wants to monitor and record all activities within its network for compliance purposes. What security requirement should be implemented? - Correct Answer Auditing" "A security administrator is concerned about protecting against unauthorized access to a network and wants to implement a method to verify the identity of users. What security requirement is being described? - Correct Answer Authentication" "A company is implementing a new software application and wants to ensure that users have access only to the functionalities necessary for their roles. What security requirement should be considered? - Correct Answer Least Privilege" "An organization wants to protect its network from malicious software and unauthorized access. What security requirement should be implemented at the network perimeter? - Correct Answer Firewalls" "A security analyst is concerned about protecting sensitive data stored in a database and wants to ensure that only authorized individuals can access it. What security requirement should be implemented? - Correct Answer Access Control" "An organization wants to protect its wireless network from unauthorized access. What security requirement should be implemented? - Correct Answer Access Control" "A company is concerned about protecting sensitive information from being altered during communication between two servers. What security requirement should be implemented? - Correct Answer Digital Signature" "An organization wants to ensure that sensitive data is securely transmitted over the internet. What security requirement should be implemented? - Correct Answer Encryption" "A security administrator is concerned about protecting against unauthorized access to a system and wants to implement a method to ensure that users only have access to the information necessary for their job roles. What security requirement is being described? - Correct Answer Least Privilege" "An organization wants to protect its network from Distributed Denial of Service (DDoS) attacks. What security requirement should be implemented? - Correct Answer DDoS Mitigation Service" "A company is concerned about protecting sensitive data at rest and wants to ensure that it remains confidential. What security requirement should be implemented? - Correct Answer Encryption" "An organization wants to ensure that only authorized individuals can access its physical premises. What security requirement should be implemented? - Correct Answer Access Control" "A security administrator is concerned about protecting sensitive data during communication between two servers and wants to ensure that it cannot be intercepted or altered. What security requirement is being described? - Correct Answer Encryption" "A company wants to monitor and log all activities within its network to comply with regulatory requirements. What security requirement should be implemented? - Correct Answer Auditing" "An organization wants to ensure that sensitive information stored in a cloud environment is protected from unauthorized access. What security requirement should be implemented? - Correct Answer Access Control" "A security administrator is concerned about protecting sensitive information from unauthorized access and wants to implement a method to verify the identity of users based on something they know (e.g., a password). What security requirement is being described? - Correct Answer Authentication" "A company is concerned about protecting sensitive information from unauthorized access and wants to implement a method to verify the identity of users based on a unique physical characteristic. What security requirement is being described? - Correct Answer Authentication" "An organization wants to protect its network from unauthorized access and monitor and control internet usage. What security requirement should be implemented? - Correct Answer Access Control" "A hacker alters the contents of a sensitive document stored on a server, changing critical information. What type of attack is this? - Correct Answer Modification" "An attacker gains access to a network by posing as a legitimate user with the intent to perform unauthorized actions. What type of attack is this? - Correct Answer Spoofing" "A malicious actor floods a website with fake traffic, making it temporarily unavailable for legitimate users. What type of attack is this? - Correct Answer DDoS" "An attacker gains access to sensitive data by exploiting a vulnerability in a web application's code. What type of attack is this? - Correct Answer Injection" "A hacker gains unauthorized access to a server and copies sensitive files without leaving any trace. What type of attack is this? - Correct Answer Stealth"